Logging Threats and Detection
RCCE students will learn endpoint and system logging architecture including log source configuration, log collection, centralized log management, log retention policies, and log analysis for security monitoring. RCCE students will learn to configure logging on Windows, Linux, and macOS endpoints, enable security-relevant event categories, forward logs to centralized SIEM platforms, parse and normalize log data, develop log-based detection rules, investigate security events using log correlation, implement tamper-resistant logging, manage log storage and retention to meet compliance requirements, and troubleshoot log collection failures. This threat-focused course teaches students to think like adversaries while building robust defenses. At an expert level, RCCE students will learn to analyze attack techniques, build detection logic, and implement defensive strategies that proactively identify threats before they cause damage. Students develop a threat-informed mindset that drives better security decisions across all operational activities.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Logging Threats and Detection
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Executive Overview fundamentals
- Explain Why Logging Is the Foundation of Threat Detection fundamentals
- Execute hands-on tasks for adversary perspective
- Execute hands-on tasks for defender advantage — covering Attackers disable/tamper logs first, Comprehensive logging reduces dwell time.
- Execute hands-on tasks for core definitions
- Execute hands-on tasks for log source
- Execute hands-on tasks for security information and event management platform
- Execute hands-on tasks for log aggregation
- Design a scalable privilege management architecture with policy and enforcement
| Module 01 | Logging Threats and Detection |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Executive Overview |
| Module 04 | Why Logging Is the Foundation of Threat Detection |
| Module 05 | Adversary Perspective |
| Module 06 | Defender Advantage |
| Module 07 | Core Definitions |
| Module 08 | Essential Logging and Detection Terminology |
| Module 09 | Log Source |
| Module 10 | Security Information and Event Management platform |
| Module 11 | Log Aggregation |
| Module 12 | Log Source Architecture |
| Module 13 | Log Sources |
| Module 14 | Log Collector |
All hands-on labs run on Rocheston Rose X OS. Students practice logging threats and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Explain Executive Overview fundamentals
- Lab 4: Explain Why Logging Is the Foundation of Threat Detection fundamentals
- Lab 5: Execute hands-on tasks for adversary perspective
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Logging Threats and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI